Apache::AuthenNTLM - Perform Microsoft NTLM and Basic User Authentication
--------------------------------------------------------------------------
Copyright (c) 2002 Gerald Richter / ecos gmbh (www.ecos.de)
You may distribute under the terms of either the GNU General Public
License or the Artistic License, as specified in the Perl README file.
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
$Id: README,v 1.5 2002/04/19 04:06:02 richter Exp $
OVERVIEW
========
The purpose of this module is to perform a user authentication via Mircosofts
NTLM protocol. This protocol is supported by all versions of the Internet
Explorer and is mainly usefull for intranets. Depending on your preferences
setting IE will supply your windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user to type in
his/her password again.
The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back a md4 hash, which is build form the users password
and the nonce. This makes sure that no cleartext password goes over the wire,
so it's more secure than basic authentication, which doesn't mean it's
a real secure authentication scheme.
Some information about NTLM can be found at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/ntlmssp_0k19.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/samp/VC98/sdk/winbase/security/winnt/httpauth/httpauth.asp
More detailed implementation details are available from
http://www.opengroup.org/comsource/techref2/NCH1222X.HTM
http://www.innovation.ch/java/ntlm.html
A lot of ideas and information are taken from the similar Apache module mod_ntlm,
which can be found at http://sourceforge.net/projects/modntlm/
The main advantage of the Perl implementaion is, that it can be easily extented
to verfiy the user/password against other sources than a windows domain controller.
The default implementaion is to go to the domain controller for the given domain
and verify the user. If you want to verify the user against another source, you
can inherit from Apache::AuthenNTLM and override it's methods.
To support users that aren't using Internet Explorer, Apache::AuthenNTLM can
also perform basic authentication depending on it's configuration.
Apache::AuthenNTLM contains an extented version of Authen::Smb, which exposes
some more functions to Perl.
INSTALLATION
============
MIME::Base64 must be installed, then run
perl Makefile.PL
make install
For configuration and more information see perldoc Apache::AuthenNTLM
AUTHOR
======
G. Richter (richter@dev.ecos.de)
Development of this package, versions 0.01-0.13 was sponsored by:
Siemens: http://www.siemens.com